author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-17 07:07:24 +0000 |
---|---|---|
committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-17 07:07:24 +0000 |
commit | 78bd82b79fdb80709642f906507dbf2b169271d9 (patch) | |
tree | a44ce4d3fa6dd9758572d4125985c736db06c00c /lib/libc/time/strftime.c | |
parent | f75700d891f9b74d2f1c29a1ced7415b4916ea8f (diff) |
Check snprintf(3) return value for error or truncation.
Mostly path construction, where truncation could be bad.
ok and input from deraadt@ millert@ ray@
Diffstat (limited to 'lib/libc/time/strftime.c')
-rw-r--r-- | lib/libc/time/strftime.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libc/time/strftime.c b/lib/libc/time/strftime.c
index 58bde890b91..578e8f7cc0c 100644
--- a/lib/libc/time/strftime.c
+++ b/lib/libc/time/strftime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: strftime.c,v 1.16 2005/08/08 08:05:38 espie Exp $ */
+/* $OpenBSD: strftime.c,v 1.17 2007/09/17 07:07:23 moritz Exp $ */
 #include "private.h"
 /*
@@ -660,6 +660,7 @@ _loc P((void))
 int fd;
 int oldsun; /* "...ain't got nothin' to do..." */
+ int len;
 char * lbuf;
 char * nlbuf;
 char * name;
@@ -699,16 +700,20 @@ _loc P((void))
 ((sizeof locale_home) + namesize + (sizeof lc_time)))
 goto no_locale;
 oldsun = 0;
- (void) snprintf(filename, sizeof filename, "%s/%s/%s", locale_home,
+ len = snprintf(filename, sizeof filename, "%s/%s/%s", locale_home,
 name, lc_time);
+ if (len < 0 || len >= sizeof filename)
+ goto no_locale;
 fd = open(filename, O_RDONLY);
 if (fd < 0) {
 /*
 ** Old Sun systems have a different naming and data convention.
 */
 oldsun = 1;
- (void) snprintf(filename, sizeof filename, "%s/%s/%s",
+ len = snprintf(filename, sizeof filename, "%s/%s/%s",
 locale_home, lc_time, name);
+ if (len < 0 || len >= sizeof filename)
+ goto no_locale;
 fd = open(filename, O_RDONLY);
 if (fd < 0)
 goto no_locale; |
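Review bot: In the third hunk both new checks compare the signed `len` with the unsigned `sizeof filename`, so the test is correct only because `len < 0` is evaluated first. I would make the conversion explicit at both sites with `if (len < 0 || (size_t)len >= sizeof filename)`, which also keeps the file quiet under sign-comparison warnings. The size test in the context lines at the top of the hunk appears to bound the same three components already, so the new checks read as defence in depth. A short comment such as `/* never open a truncated path */` would record why they stay. As far as the hunk shows, `fd` is not open at either `goto no_locale`, so no descriptor is leaked; `_loc` begins and ends outside the hunk.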